﻿using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Collections.Generic;

namespace SacMauVN.Admin
{
    public partial class UserManager : System.Web.UI.Page
    {
        private static int ID;
        private string MyAction = MyConst.Action.Addnew;

        #region Ham Su kien
        protected void Page_Load(object sender, EventArgs e)
        {
            if (CheckPermision())
            {
                formUpdate.Visible = false;
                if (!IsPostBack)
                {
                    BindDataToGrid("");
                }
            }
            else
            {
                Response.Redirect("Default.aspx");
            }
        }

        protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
        {
            Response.Redirect("Index.aspx");
        }


        protected void grdDanhMuc_RowCommand(object sender, GridViewCommandEventArgs e)
        {

            ID = Convert.ToInt32(e.CommandArgument);


            if (e.CommandName == MyConst.Action.Update)
            {
                formUpdate.Visible = true;
                PasswordField.Visible = false;
                RePasswordField.Visible = false;
                txtUserName.Enabled = false;
                DataTable DanhMucTable = GetChiTietUser(ID);
                txtUserName.Text = DanhMucTable.Rows[0][1].ToString();
                txtHoTen.Text = DanhMucTable.Rows[0][2].ToString();
                txtEmail.Text = DanhMucTable.Rows[0][3].ToString();
                btnLuu.CommandName = MyConst.Action.Update;
            }
            else if (e.CommandName == MyConst.Action.Delete)
            {
                string sql = "DELETE FROM dbo.tblSMVNUser WHERE ID = @ID";
                List<SqlParameter> lstParameter = new List<SqlParameter>();
                lstParameter.Add(SqlHelper.CreateParameterObject("@ID", SqlDbType.Int, ParameterDirection.Input, ID));
                SqlHelper.ExecuteNonQuery(CommandType.Text, sql, lstParameter);
                BindDataToGrid("");
            }
        }

        protected void btnThem_Click(object sender, EventArgs e)
        {
            formUpdate.Visible = true;
            txtUserName.Text = "";
            txtUserName.Enabled = true;
            txtPassword.Text = "";
            txtRePassword.Text = "";
            PasswordField.Visible = true;
            RePasswordField.Visible = true;
            btnLuu.CommandName = MyConst.Action.Addnew;
        }

        protected void btnLuu_Click(object sender, EventArgs e)
        {
            int UserID = Convert.ToInt32(Session["userid"]);
            if (btnLuu.CommandName == MyConst.Action.Addnew)
            {
                InsertDanhMuc(
                    txtUserName.Text,
                    txtPassword.Text,
                    txtHoTen.Text,
                    txtEmail.Text
                    );
                BindDataToGrid("");
            }
            else if (btnLuu.CommandName == MyConst.Action.Update)
            {
                UpdateDanhMuc(
                    txtHoTen.Text,
                    txtEmail.Text,
                    ID
                    );
                BindDataToGrid("");
            }
        }

        protected void btnHuy_Click(object sender, EventArgs e)
        {
            formUpdate.Visible = false;
        }
        #endregion Ham su kien

        #region Ham chuc nang

        protected void BindDataToGrid(string UserName)
        {
            List<SqlParameter> arrParams = new List<SqlParameter>();
            arrParams.Add(SqlHelper.CreateParameterObject("@UserName", SqlDbType.NVarChar, ParameterDirection.Input, UserName));
            string sql = "SELECT * from tblSMVNUser WHERE Username != 'SysAdmin' AND (Username LIKE @UserName OR HoTen LIKE '%'+@UserName+'%' OR @UserName = '')";
            grdDanhMuc.DataSource = SqlHelper.ExecuteDataTable(CommandType.Text, sql, arrParams);
            grdDanhMuc.DataBind();
        }

        protected DataTable GetChiTietUser(int ID)
        {
            List<SqlParameter> arrParams = new List<SqlParameter>();
            arrParams.Add(SqlHelper.CreateParameterObject("@ID", SqlDbType.Int, ParameterDirection.Input, ID));
            return SqlHelper.ExecuteDataTable(CommandType.Text, "SELECT * FROM dbo.tblSMVNUser WHERE ID = @ID", arrParams);
        }

        protected void InsertDanhMuc(string UserName, string Password, string HoTen, string Email)
        {
            List<SqlParameter> arrParams = new List<SqlParameter>();
            arrParams.Add(SqlHelper.CreateParameterObject("@Username", SqlDbType.NVarChar, ParameterDirection.Input, UserName));
            Password = FormsAuthentication.HashPasswordForStoringInConfigFile(Password, "MD5");
            arrParams.Add(SqlHelper.CreateParameterObject("@Password", SqlDbType.NVarChar, ParameterDirection.Input, Password));
            arrParams.Add(SqlHelper.CreateParameterObject("@HoTen", SqlDbType.NVarChar, ParameterDirection.Input, HoTen));
            arrParams.Add(SqlHelper.CreateParameterObject("@Email", SqlDbType.NVarChar, ParameterDirection.Input, Email));
            string sql = "INSERT INTO dbo.tblSMVNUser" +
                         "(Username,Password,HoTen,Email)" +
                         "VALUES(@Username,@Password,@HoTen,@Email)";
            SqlHelper.ExecuteNonQuery(CommandType.Text, sql, arrParams);
        }

        protected void UpdateDanhMuc(string HoTen, string Email, int ID)
        {
            List<SqlParameter> arrParams = new List<SqlParameter>();
            arrParams.Add(SqlHelper.CreateParameterObject("@HoTen", SqlDbType.NVarChar, ParameterDirection.Input, HoTen));
            arrParams.Add(SqlHelper.CreateParameterObject("@Email", SqlDbType.NVarChar, ParameterDirection.Input, Email));
            arrParams.Add(SqlHelper.CreateParameterObject("@ID", SqlDbType.Int, ParameterDirection.Input, ID));
            string sql = "UPDATE dbo.tblSMVNUser SET HoTen = @HoTen,Email= @Email WHERE ID = @ID";
            SqlHelper.ExecuteNonQuery(CommandType.Text, sql, arrParams);
        }

        public bool CheckPermision()
        {
            if (Session["username"] == null)
            {
                return false;
            }
            else
            {
                return true;
            }
        }
        #endregion  Ham chuc nang

        protected void btnSearch_Click(object sender, EventArgs e)
        {
            BindDataToGrid(txtSearch.Text.Trim());
        }
    }
}
